FAIL2BAN - Filter.d - http-sql-inj
From IT-Arts.net
! Should be customized to your needs !
Filter.d
[Definition]
# http-sql-inj.conf
# SQL Injection Attempts
# Matches SQL injection patterns in the logged request: UNION / INSERT ... SELECT
# queries against information_schema.tables, and "or ... 1=1" tautologies.
# Matching is case-sensitive, and the "or.*1=1" alternative is very broad.
failregex = ^<HOST>.*(select.*from.*where.*union.*select.*from.*information_schema.tables|insert.*into.*values.*select.*from.*information_schema.tables|union.*select.*null.*from.*information_schema.tables|or.*1=1).*$
ignoreregex =
Jail.conf
[http-sql-inj]
enabled = true
banaction = %(banaction_allports)s
logpath = /var/log/nginx/*.access.log
maxretry = 1
bantime = -1
findtime = 3d
backend = polling
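With maxretry = 1 and bantime = -1, a single matching line bans the client permanently, so it is worth checking what the failregex catches before enabling the jail. The following is an added example, not part of the original page: it runs the page's failregex over constructed nginx access-log lines. The `HOST` pattern, the sample lines and the function names are assumptions made for the illustration.

```python
import re

# failregex copied from http-sql-inj.conf above.
FAILREGEX = (
    r"^<HOST>.*(select.*from.*where.*union.*select.*from.*information_schema.tables"
    r"|insert.*into.*values.*select.*from.*information_schema.tables"
    r"|union.*select.*null.*from.*information_schema.tables|or.*1=1).*$"
)
# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4/IPv6 literals only).
HOST = r"(?P<host>[0-9a-fA-F:.]+)"

def compile_filter(ignore_case=False):
    """Compile the failregex the way Python's re module sees it."""
    return re.compile(FAILREGEX.replace("<HOST>", HOST), re.I if ignore_case else 0)

# Constructed access-log lines using documentation IP ranges, not real traffic.
SAMPLES = {
    "union_probe": '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /item?id=1+union+select+null+from+information_schema.tables HTTP/1.1" 200 512 "-" "curl/8.0"',
    "tautology": '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /item?id=1%27+or+1=1-- HTTP/1.1" 200 512 "-" "curl/8.0"',
    "upper_case": '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /item?id=1+UNION+SELECT+NULL+FROM+INFORMATION_SCHEMA.TABLES HTTP/1.1" 200 512 "-" "curl/8.0"',
    "benign_or": '198.51.100.9 - - [01/Jan/2025:10:00:03 +0000] "GET /editor?color=red&page1=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    "plain": '192.0.2.10 - - [01/Jan/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
}

def scan(lines, ignore_case=False):
    """Return {label: host that would be banned, or None} for each line."""
    rx = compile_filter(ignore_case)
    result = {}
    for label, line in lines.items():
        match = rx.search(line)
        result[label] = match.group("host") if match else None
    return result

if __name__ == "__main__":
    for mode in (False, True):
        print("ignore_case =", mode)
        for label, host in scan(SAMPLES, ignore_case=mode).items():
            print(f"  {label:12s} -> {'BAN ' + host if host else 'no match'}")
```

The "upper_case" line is missed by the case-sensitive pattern, while "benign_or" is banned because `or.*1=1` matches "editor" followed by "page1=1". On a host with fail2ban installed, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/http-sql-inj.conf` runs the same check against real logs.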
